diff --git a/daemon/dtls.c b/daemon/dtls.c
index 546abbf69..9b7b5a7b1 100644
--- a/daemon/dtls.c
+++ b/daemon/dtls.c
@@ -261,7 +261,7 @@ static int cert_init(void) {
 
 	/* sign it */
 
-	if (!X509_sign(x509, pkey, rtpe_config.dtls_signature == 1 ? EVP_sha1() : EVP_sha256()))
+	if (!X509_sign(x509, pkey, rtpe_config.dtls_signature == DSIG_SHA1 ? EVP_sha1() : EVP_sha256()))
 		goto err;
 
 	/* digest */
diff --git a/daemon/main.c b/daemon/main.c
index 64b4312ca..5beadef3d 100644
--- a/daemon/main.c
+++ b/daemon/main.c
@@ -89,7 +89,6 @@ struct rtpengine_config rtpe_config = {
 	.media_num_threads = -1,
 	.dtls_rsa_key_size = 2048,
 	.dtls_mtu = 1200, // chrome default mtu
-	.dtls_signature = 256,
 	.max_dtx = 30,
 	.dtx_shift = 5,
 	.dtx_buffer = 10,
@@ -791,13 +790,13 @@ static void options(int *argc, char ***argv) {
 
 	if (dtls_sig) {
 		if (!strcasecmp(dtls_sig, "sha-1"))
-			rtpe_config.dtls_signature = 1;
+			rtpe_config.dtls_signature = DSIG_SHA1;
 		else if (!strcasecmp(dtls_sig, "sha1"))
-			rtpe_config.dtls_signature = 1;
+			rtpe_config.dtls_signature = DSIG_SHA1;
 		else if (!strcasecmp(dtls_sig, "sha-256"))
-			rtpe_config.dtls_signature = 256;
+			rtpe_config.dtls_signature = DSIG_SHA256;
 		else if (!strcasecmp(dtls_sig, "sha256"))
-			rtpe_config.dtls_signature = 256;
+			rtpe_config.dtls_signature = DSIG_SHA256;
 		else
 			die("Invalid --dtls-signature option ('%s')", dtls_sig);
 	}
diff --git a/include/main.h b/include/main.h
index bc5187b53..f4d156fbb 100644
--- a/include/main.h
+++ b/include/main.h
@@ -108,7 +108,10 @@ struct rtpengine_config {
 	int			dtls_rsa_key_size;
 	int			dtls_mtu;
 	char			*dtls_ciphers;
-	int			dtls_signature;
+	enum {
+		DSIG_SHA256 = 0,
+		DSIG_SHA1,
+	}			dtls_signature;
 	char			**http_ifs;
 	char			**https_ifs;
 	char			*https_cert;